Accepting request 908535 from home:gladiac:branches:security:tls

- Update to version 1.3.1
  * fix: fix -Wconversion warnings (by Ondrej Mosnacek)
  * fix: fix bad data types in _kcapi_common_send_meta (by Ondrej Mosnacek)
  * fix: Version symbols to maintain ABI compatibility (by Simo Sorce)
  * fix: disable io_getevents on systems that do not support it (by Khem Raj)
  * fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged - as the
    library does not store any sensitive data in data structures it owns, such
    security precautions may not be necessary considering the benefit of
    allowing regular debugging
  * fix: ensure that sendmsg is always used as fallback when vmsplice cannot be
    used
  * enhancement: add kcapi_set_maxsplicesize and kcapi_get_maxsplicesize
  * enhancement: the variable types are changed from int32_t to ssize_t and
    from uint32_t to size_t to match common POSIX and Linux APIs
- Added libkcapi-fix-lto.patch

OBS-URL: https://build.opensuse.org/request/show/908535
OBS-URL: https://build.opensuse.org/package/show/security/libkcapi?expand=0&rev=37

libkcapi-1.2.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:782430512195f146e0e16e6bb689d9a7e61387afcfedc4340c433284b8b66049
-size 318948

libkcapi-1.2.0.tar.xz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAl7K1MMACgkQQh7pNjJq
-wVueDgf/SEJfcgYYYcnND38nawuTXequkiq5TrhAb7AY/kx6LDQzXLRHlqLvjppV
-QMUQyiiLypo+NF/qrsLhyGi2IwRePaieLfXTZWcE4eO/sqss9CbYsUtk7bcByFvG
-YEDjTYooZU4NYx3WtpwegKF+ImBLmadDDbfkcGWcmNG5EEnh1Rtw0agg/5BxCxKy
-F5aEdXWs/mU6CxgDi2EFT+8FAD2Lv80Kpn0qWAVWb03IbtzvAZ36CzP4lEywDqV2
-lZq3hZeOvBecjmGDFthMNB0CfknCHdPYvEhXuR6cSiYrmY3heUeS6Py1cPosab3A
-xDePoFm3iYY4nALhCWOfp2/vPhZtgw==
-=ZgIv
------END PGP SIGNATURE-----

libkcapi-1.3.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b57946eb87bc9cfa544140b6c9a12ef9eefa0a16695578aebf3395f0a78bede
+size 332912

libkcapi-1.3.1.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEEO8xD1NLIfReEtp7kQh7pNjJqwVsFAmDttB4ACgkQQh7pNjJq
+wVvV4Af/X0t4iZ8ng+AaItGiK3m2Wx1UTJTA1SYTfTTUpENtePKZADG3MX/I5x5N
+VVO6CTF6ADZFrwrswP+3KIwZpEsrssTEGZ54G0nLbaHTzyXvE9Ec3CPGECgjZGzM
+T0ZGz0XYykWpEVqQDEFKoLs2yK5U/WYHrde5iV9CW2WHK/6VyuRvzAKzh83n5fDg
+WlAWGtBQWaGdJAhduLnFx7U7clbpLCuwAZFURWPT1nUamkioT64Io2MfHx+Y9xu+
+cLLqpOBDZAk34MDA0i09psyfD+NPjtzn5i3IEZO9rs8CpFuEe+tBpoJdGpROhuz2
+9o9G2TEe8khpGuKnkAJ7G60Ggdcnmg==
+=e24H
+-----END PGP SIGNATURE-----

libkcapi-fix-lto.patch

@@ -0,0 +1,47 @@
+From 71d80bcffca26373149121e026d612146b4695d5 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Wed, 14 Jul 2021 10:52:01 -0400
+Subject: [PATCH] Use GCCs __symver__ attribute
+
+This is needed to allow LTO builds, as the __asm__ directives do not give
+enough context to the compiler and the build fails when the -flto flag is
+passed in.
+
+Unfotunately __symver__ is avilbel only startig from GCC 10, so we need
+more macro juggling.
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+Signed-off-by: Stephan Mueller <smueller@chronox.de>
+---
+ lib/internal.h | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/lib/internal.h b/lib/internal.h
+index 29fdb7b..64dad24 100644
+--- a/lib/internal.h
++++ b/lib/internal.h
+@@ -350,6 +350,16 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx,
+ #if __GNUC__ >= 4
+ # define DSO_PUBLIC __attribute__ ((visibility ("default")))
+ 
++#if __GNUC__ >= 10
++# define IMPL_SYMVER(name, version) \
++    __attribute__ ((visibility ("default"))) \
++    __attribute__((__symver__("kcapi_" #name "@@LIBKCAPI_" version)))
++
++# define ORIG_SYMVER(name, version) \
++    __attribute__ ((visibility ("default"))) \
++    __attribute__((__symver__("kcapi_" #name "@LIBKCAPI_" version)))
++
++#else
+ # define IMPL_SYMVER(name, version) \
+     __asm__(".global impl_" #name ";"\
+ 	    ".symver impl_" #name ",kcapi_" #name "@@LIBKCAPI_" version);\
+@@ -359,6 +369,7 @@ static inline int io_getevents(__attribute__((unused)) aio_context_t ctx,
+     __asm__(".global orig_" #name ";"\
+ 	    ".symver orig_" #name ",kcapi_" #name "@LIBKCAPI_" version);\
+     __attribute__ ((visibility ("default")))
++#endif
+ 
+ #else
+ # error "Compiler version too old"

libkcapi.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Tue Jul 27 08:03:48 UTC 2021 - Andreas Schneider <asn@cryptomilk.org>
+
+- Update to version 1.3.1
+  * fix: fix -Wconversion warnings (by Ondrej Mosnacek)
+  * fix: fix bad data types in _kcapi_common_send_meta (by Ondrej Mosnacek)
+  * fix: Version symbols to maintain ABI compatibility (by Simo Sorce)
+  * fix: disable io_getevents on systems that do not support it (by Khem Raj)
+  * fix: remove prctl PR_SET_DUMPABLE to allow library to be debugged - as the
+    library does not store any sensitive data in data structures it owns, such
+    security precautions may not be necessary considering the benefit of
+    allowing regular debugging
+  * fix: ensure that sendmsg is always used as fallback when vmsplice cannot be
+    used
+  * enhancement: add kcapi_set_maxsplicesize and kcapi_get_maxsplicesize
+  * enhancement: the variable types are changed from int32_t to ssize_t and
+    from uint32_t to size_t to match common POSIX and Linux APIs
+- Added libkcapi-fix-lto.patch
+
 -------------------------------------------------------------------
 Mon Aug 31 13:30:58 UTC 2020 - Dirk Mueller <dmueller@suse.com>
 

libkcapi.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libkcapi
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           libkcapi
-Version:        1.2.0
+Version:        1.3.1
 Release:        0
 Summary:        Linux Kernel Crypto API User Space Interface Library
 License:        GPL-2.0-only
@@ -26,6 +26,8 @@ URL:            http://www.chronox.de/libkcapi.html
 Source:         https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz
 Source1:        https://www.chronox.de/libkcapi/libkcapi-%{version}.tar.xz.asc
 Source2:        libkcapi.keyring
+# https://github.com/smuellerDD/libkcapi/commit/71d80bcffca26373149121e026d612146b4695d5.patch
+Patch0:         libkcapi-fix-lto.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libtool
@@ -73,7 +75,7 @@ Group:          Development/Tools/Other
 libkcapi user space tools to access certain hash algorithms.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 autoreconf -i
@@ -89,7 +91,7 @@ autoreconf -i
 make %{?_smp_mflags}
 
 %install
-make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/%{_libexecdir}/libkcapi/ %{?_smp_mflags} 
+make install DESTDIR=%{buildroot} LIBDIR="%{_libdir}" BINDIR=/%{_libexecdir}/libkcapi/ %{?_smp_mflags}
 rm %{buildroot}/%_libdir/libkcapi.la
 
 mkdir -p %{buildroot}/%{_libexecdir}/libkcapi/